Skip to main content

Grub2 CVE-2025-1125

HIGH
Out-of-bounds Write (CWE-787)
2025-03-03 secalert@redhat.com
7.8
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
7.8 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch released
Apr 05, 2026 - 02:30 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 18:29 vuln.today
CVE Published
Mar 03, 2025 - 15:15 nvd
HIGH 7.8

DescriptionCVE.org

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.

AnalysisAI

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections. Affected products include: Gnu Grub2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Grub2

View all
CVE-2015-8370 HIGH POC
7.4 Dec 16

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, ob

CVE-2023-4692 HIGH POC
7.8 Oct 25

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. Rated high severity (CVSS 7.8), this vulnerabil

CVE-2024-2312 MEDIUM POC
6.7 Apr 05

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI syst

CVE-2020-15707 MEDIUM POC
6.4 Jul 29

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRU

CVE-2024-56737 HIGH
8.8 Dec 29

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesys

CVE-2022-2601 HIGH
8.6 Dec 14

A buffer overflow was found in grub_font_construct_glyph(). Rated high severity (CVSS 8.6), this vulnerability is no aut

CVE-2023-4693 MEDIUM POC
4.6 Oct 25

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. Rated medium severity (CVSS 4.6), this vulnerabi

CVE-2021-20233 HIGH
8.2 Mar 03

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack co

CVE-2020-10713 HIGH
8.2 Jul 30

A flaw was found in grub2, prior to version 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack compl

CVE-2025-0678 HIGH
7.8 Mar 03

A flaw was found in grub2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch

CVE-2024-45782 HIGH
7.8 Mar 03

A flaw was found in the HFS filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No

CVE-2025-0689 HIGH
7.8 Mar 03

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to alloc

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.30 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.40 Affected
Container suse/sle-micro-rancher/5.2:latest Image SLES15-SP3-BYOS-Azure Image SLES15-SP3-BYOS-GCE Image SLES15-SP3-HPC-BYOS-Azure Image SLES15-SP3-HPC-BYOS-GCE Image SLES15-SP3-Micro-5-2-BYOS-Azure Image SLES15-SP3-Micro-5-2-BYOS-GCE Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAP-BYOS-Azure Image SLES15-SP3-SAP-BYOS-GCE Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-GCE Affected
Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Image SLES15-SP4-BYOS-Azure Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-CHOST-BYOS-Azure Image SLES15-SP4-CHOST-BYOS-GCE Image SLES15-SP4-CHOST-BYOS-SAP-CCloud Image SLES15-SP4-HPC-BYOS-Azure Image SLES15-SP4-HPC-BYOS-GCE Image SLES15-SP4-HPC-GCE Image SLES15-SP4-Hardened-BYOS-Azure Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-SAP-Azure Image SLES15-SP4-SAP-Azure-LI-BYOS Image SLES15-SP4-SAP-Azure-LI-BYOS-Production Image SLES15-SP4-SAP-Azure-VLI-BYOS Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production Image SLES15-SP4-SAP-BYOS-Azure Image SLES15-SP4-SAP-BYOS-GCE Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAP-Hardened Image SLES15-SP4-SAP-Hardened-Azure Image SLES15-SP4-SAP-Hardened-BYOS-Azure Image SLES15-SP4-SAP-Hardened-BYOS-GCE Image SLES15-SP4-SAP-Hardened-GCE Image SLES15-SP4-SAPCAL-Azure Image SLES15-SP4-SAPCAL-GCE Affected

Share

CVE-2025-1125 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy